336 matches found
Malicious Package
Overview tailwindcss-animation-css is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...
Malicious Package
Overview bootstrap-setcolor is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this packag...
Malicious Package
Overview react-svg-helper-fast is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this...
CVE-2025-66291
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
CVE-2025-66291
OrangeHRM versions 5.0–5.7 expose confidential interview documents through an Authorization vulnerability in the Interview Attachment Retrieval endpoint of the Recruitment module. The endpoint serves files based solely on an authenticated session and user-supplied identifiers without verifying wh...
CVE-2025-66291 OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
EUVD-2025-199903
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
PT-2025-48369
OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has...
OrangeHRM 授权问题漏洞
OrangeHRM is a human resource management system HRM from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. An authorization issue vulnerability exists in OrangeHRM versions 5.0 through 5....
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
Researchers have discovered a new attack targeting Mac users. It lures them to a fake job website, then tricks them into downloading malware via a bogus software update. The attackers pose as recruiters and contact people via LinkedIn, encouraging them to apply for a role. As part of the...
CVE-2025-13343
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
EUVD-2025-197974
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13343
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13343 SourceCodester Interview Management System editQuestion.php cross site scripting
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-13343
CVE-2025-13343 concerns SourceCodester Interview Management System 1.0. Affected component: the function handling the parameter in /editQuestion.php (parameter: Question). The input manipulation results in cross-site scripting (XSS) and can be exploited remotely. Multiple sources confirm the issu...
CVE-2025-13343 SourceCodester Interview Management System editQuestion.php cross site scripting
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
PT-2025-47297
Name of the Vulnerable Software and Affected Versions SourceCodester Interview Management System version 1.0 Description A security flaw exists in SourceCodester Interview Management System 1.0. The manipulation of the Question argument in the file /editQuestion.php can lead to cross site...
SourceCodester Interview Management System 代码注入漏洞
SourceCodester Interview Management System is a SourceCodester open source interview management system. A code injection vulnerability exists in version 1.0 of the SourceCodester Interview Management System, which stems from an incorrect manipulation of the parameter Question in the file...